Onfido logo home page
Watch a demo
Get in touch
Arrow back Back to guides
We've scheduled essential maintenance on the Onfido platform, affecting all regions. Read more.

Data deletion

Start here

Onfido's data deletion service enables you to manage and delete client data. We recommend you read this guide to better understand the key features of this service and your abilities and rights to delete data from Onfido.

You may find our data deletion FAQs useful.

If you have any difficulties, please email our Client Support team.

Key terms                                         Explanation
Data 'soft deletion' Applicant data which has been requested for deletion and moved into the Archive for the deletion delay period. The data can still be restored if requested.
Data 'Archive' Contains all soft-deleted applicant data during the deletion delay period. The data is no longer visible to you, but can still be retrieved and restored.
'Deletion delay period' The period between a data deletion request and hard deletion of that data. During this period, the data remains in the Archive.
Data 'hard deletion' Permanent deletion of applicant data following the end of the deletion delay period. Your Archive is emptied, and the data deletion is made permanent in our platform and coordinated through our architecture by our deletion service. The data cannot be restored.

Deletion requests

Onfido will never delete your applicant data unless you request or configure it

You can make a deletion request for a single applicant via the Onfido Dashboard or directly to the 'delete applicant' API endpoint. Sending a deletion request adds the applicant and all associated documents, photos, videos, checks, and reports to the data Archive.

Dashboard (Owner and Admins only)

  1. Go to your Onfido Dashboard
  2. Select Checks
  3. Select the check of the applicant you want to delete
  4. Select Delete applicant data in the check's page sidebar
  5. Read the confirmation overlay
  6. Tick all checkboxes on the confirmation overlay and select Schedule deletion to confirm

API

  1. Make a request to the 'delete applicant' endpoint in our API, using the applicant ID

Data deletion methods

Data deletion can be configured in one of two ways:

  1. Ad hoc deletion
  2. Rolling deletion

Ad hoc deletion

Ad hoc deletion gives you the tools to delete data as and when you need to, and can be triggered from the Dashboard or directly to the 'delete applicant' API endpoint.

When triggering ad hoc deletion, applicant data will be soft-deleted and stored in the Archive for a default period of 20 days.

Applicant data will be permanently deleted 20 days from the time of the deletion request. You can cancel the request within this time by restoring applicant data.

Ad hoc data deletion diagram

Note: The minimum time before requesting applicant deletion after a check has been created is 48 hours.

Rolling deletion

Rolling deletion is a self-service deletion option which allows you to pre-determine how long applicant data is stored by Onfido before moving to the Archive.

Data is configured to be deleted on a rolling basis after the completion of an applicant's check, or after the applicant’s creation date (if no check has been created). You determine the length of time before data is scheduled for deletion. The only constraint is a minimum period of 48 hours.

The Archive is configured separately to be emptied and the applicant's data permanently deleted. This is also done on a rolling basis after the default period of 30 days from the initial deletion request. You can cancel the request within this time by restoring applicant data.

Note: Rolling deletion settings apply to all your applicant data, not just individual applicants.

Rolling data deletion diagram

Rolling deletion deletes the applicant data listed in the scope of deletion. Onfido retains aggregate data pertaining to your volumes and our service levels.

Scope of deletion

Data is hard-deleted after the delay period has ended. At this point the Archive is emptied and the data deletion is made permanent in our platform and coordinated through our architecture by our deletion service. Data cannot be restored once it has been deleted from the Archive.

Deletion of an applicant and their data includes:

  • personal details
  • documents, photos, videos
  • checks and reports
  • tags and notes
  • analytics data

After deletion, Onfido will no longer have personal data related to that applicant. Applicant details cannot be recovered or queried, and Onfido will not be able to carry out any troubleshooting or investigate any queries you raise.

All other personal data processed by Onfido (including personal data processed for backup and logging purposes) or on behalf of Onfido (including personal data processed by third parties) is deleted in accordance with Onfido’s Records of Processing.

Note: Associated applicant data, such as documents or checks, cannot be deleted independently of the applicant itself.

Note: A request to delete data through the API or Dashboard will result in that data also being deleted from the Onfido database.

Deletion delay period

All deletion requests are set to complete a deletion delay period. Once a deletion request has been made it will be soft-deleted and moved to your Archive. During the delay period, applicant data is no longer visible to you, but data can be restored. Hard deletion will be executed after the deletion delay period has expired.

By default, the deletion delay period is set to 20 days for ad hoc deletion and 30 days for rolling deletion. This is because, once data has been permanently deleted, Onfido cannot query any results in relation to an application.

To enquire about changing the deletion delay period, contact your service manager or get in touch with our client support team.

Why is data not deleted instantly?

Onfido's deletion delay period is in place to help address the following potential scenarios:

  • Fighting against “bad actors”

    • In the event that your internal systems are compromised and a bad actor bulk deletes your applicant data, the Archive gives you a brief window to restore any lost data, reducing your risk exposure
  • Protecting you from human error

    • The Archive gives you a grace period to recover accidentally executed deletion requests and recover this lost data
  • Room for investigation

    • If an applicant’s data is deleted and you quickly wish to investigate that applicant for audit purposes, the Archive gives you the opportunity to investigate that applicant before data is permanently deleted

Note: Data kept with Onfido beyond 30 days is used to improve our services, such as training our agents and algorithms. If data is deleted within 30 days it will not be used to train our Machine Learning.

Restoring data

Data can be retrieved or restored from the data Archive within the set deletion delay period. You can make a request to restore data via the Onfido Dashboard or directly to the 'restore applicant' API endpoint.

Dashboard (Owner and Admins only)

  1. Go to your Onfido Dashboard
  2. Select Checks
  3. Select the Restore data button on the Checks list page for the required applicant
  4. After reading the confirmation overlay, select Restore data to confirm

API

  1. Make a request to the 'restore applicant' endpoint in our API, using the applicant ID
Onfido

Our Solutions

Onfido uses 256-bit SSL encryption 100% of the time on every device.

BSI ISO/IEC27001

Onfido has been certified by BSI to ISO 27001 under certificate number IS 660122.

© Onfido™, 2020. All rights reserved.
Company Registration Number: 07479524.